forked from ethpandaops/ethereum-helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.md.gotmpl
156 lines (129 loc) · 5.84 KB
/
README.md.gotmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
# Examples
## Beacon node on the Holesky testnet connected to Holesky via Infura
```yaml
mode: "beacon"
extraArgs:
- --holesky
- --execution-endpoint=<EXECUTION-ENDPOINT>
```
## Exposing the P2P service via NodePort
This will make your node accessible via the Internet using a service of type [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport).
When using `p2pNodePort.enabled` the exposed IP address on your ENR record will be the "External IP" of the node where the pod is running.
**Limitations:** You can only run a single replica per chart deployment when using `p2pNodePort.enabled=true`.If you need N nodes, simply deploy the chart N times.
```yaml
replicas: 1
p2pNodePort:
enabled: true
port: 31000
```
## Validator node targeting a beacon node service
This example runs a validator on the holesky network that targets a pre-existing `prysm-beacon`
service by injecting the all-accounts.keystore.json` file via a secret ENV var. You could use a similar
approach to fetch your secrets from some external secret management system (Hashicorp Vault, Azure key vault, etc.):
```yaml
replicas: 1
mode: validator
image:
repository: gcr.io/prysmaticlabs/prysm/validator
initContainers:
- name: init-keystore
image: bash:latest
imagePullPolicy: IfNotPresent
command:
- bash
- -c
- >
export INDEX=$(echo $(hostname)| rev | cut -d'-' -f 1 | rev);
mkdir -p /data/wallet/direct/accounts/;
keystore="KEYSTORE_$INDEX";
echo ${!keystore} > /data/wallet/direct/accounts/all-accounts.keystore.json;
password="PASSWORD_$INDEX";
echo ${!password} > /data/wallet-password.txt;
volumeMounts:
- name: storage
mountPath: "/data"
readOnly:
env:
- name: PASSWORD_0
valueFrom:
secretKeyRef:
# Name of the secret that will be generated for you. This is normally `${RELEASE-name}-env`
# You might need to change this
name: prysm-env
key: PASSWORD_0
- name: KEYSTORE_0
valueFrom:
secretKeyRef:
# See comment on the previous secretKeyRef
name: prysm-env
key: KEYSTORE_0
extraArgs:
- --wallet-dir=/data/wallet
- --wallet-password-file=/data/wallet-password.txt
- --beacon-rpc-provider=prysm-beacon:4000
livenessProbe:
tcpSocket: null
exec:
command:
- /app/cmd/validator/validator
- accounts
- list
- --accept-terms-of-use=true
- --wallet-dir=/data/wallet
- --wallet-password-file=/data/wallet-password.txt
initialDelaySeconds: 60
periodSeconds: 120
readinessProbe:
tcpSocket: null
exec:
command:
- /app/cmd/validator/validator
- accounts
- list
- --accept-terms-of-use=true
- --wallet-dir=/data/wallet
- --wallet-password-file=/data/wallet-password.txt
initialDelaySeconds: 10
periodSeconds: 10
secretEnv:
# Note: Never publish any of your production secrets online. These are just used for testing purposes.
PASSWORD_0: NotSoSuperSecret1234!
KEYSTORE_0: >
{
"crypto": {
"checksum": {
"function": "sha256",
"message": "303fd570c747d33a4ceb8b1484fd792ca023c6f0563c492215808e4b1ea138fe",
"params": {}
},
"cipher": {
"function": "aes-128-ctr",
"message": "1f6589828cc7d325429753ea84bfe23ad72d64d12622c07c5121595d3f599c820ed63834b7a659650819e9aaa5a485d6736195b6aeb698861b91a3cb9d63a4864f844308e990d675fee8dc1d16f41a759372b642954e2d20de535961444f509964362ccda21f5e47a07e73c889f6288a93fe6ff315207e8aaba5f12de5e1e89351a0fa7e1c8d08252de8eef8304be5eb2eb649600f235c9e4e7cb4635d7217a7caf6af8cdedc7da4ff2c6fdf95cefeb119a1ae6376f1cf603b68028677df5e3114640b584f20f9173b348491fad52c3b7af92cd0f96fcf032f80d45b3855d0cfb90ecb3e85a3515cf5e4a9fcf849a982909ae69c249fbad1c28c0b91797ff2e555f3a3e4cc0f8e14a7c18ef8ac90bf9c6ed4b094b61bf07b7cfb7bb2a9531f24a2beeb930fd7383eb515f1f99512c1bd7fccfacce1f9b447234a36df9c89d2536281915408b18b04b1dae85565bc0a794ef4a40279afb072fa1bc012c4b668489bec8d5d4c2b29372a1bb97f299992b8eaab80648061f1094e6f790a1a007abda7c675737ac888bf360506e8378b252578bbb811c7d8dc76d76b9f845d38a3d00ee62da62113766406b78a29f9797bb24b36d5bda13063d2407b7ef3b0eb71f9a942484254611af1c2ac43622046a9aaeb04ba7d0b6a2ef2932eb7a316afb1f459d153c16dc6a7328cc362ea7312c646f1a8b86150d90da9adaf0a0eb9bdb7bb05a7ef033af81af9c015d7932603e2c57f015914454d4f1e18cc7c1185690384f8a958fe4727e01314d82588fcca268fdeefcdcc6a2c21c2fdad9db56601e02ce87a1059e980e7f266539810705a07ad4a84df8366ea04f8b5763d28cfc9c4b8ce5a9c101c75e359ef5736e843bbe0ba344c161fa9da48701a8d96b5c45edf15da99da72ab",
"params": {
"iv": "964bc953dbdda657f2876c3e89cc2c90"
}
},
"kdf": {
"function": "pbkdf2",
"message": "",
"params": {
"c": 262144,
"dklen": 32,
"prf": "hmac-sha256",
"salt": "4c8970475c27f4aff9eb4d9c7145b39d0110c964c1979fc334def2f322fda7fd"
}
}
},
"uuid": "727cf6d4-41e7-46ea-98a4-da6a3b2d6a91",
"version": 4,
"name": "keystore"
}
```